Feeds

Trustwave to escape 'death penalty' for SSL skeleton key

Moz likely to spare certificate-confession biz same fate as DigiNotar

Providing a secure and efficient Helpdesk

Trustwave fights backs

In a statement, Trustwave said it supplied the skeleton-key digital credential authority to a private customer - not an ISP, government or law enforcement agency - adding that the technology could not have been used outside the private network to which it was supplied. A Trustwave representative, Brian Trzupek, expanded on this explanation a little during the debate on the Mozilla list.

Trzupek said the "single subordinate root system" technology was supplied as a one-off "issued to a enterprise customer for use on their internal network - with network usage policies presented to users". He said that the decision to stop offering the technology, which he stressed was supplied with stringent safeguards, was made in light of concerns raised by the Comodo and DigiNotar hacks last year. He wrote:

We did not create a system where the customer could generate ad-hoc SSL certificates AND extract the private keys to be used outside this device. Nor could the subordinate root key ever get exported from the device. The system was used only for routing internal corporate traffic and not in any other way. In addition, our on-site audit focused on physical security and controls around the appliances to ensure that the boxes could not be physically taken from the facility to be placed on other networks to route traffic there.

The system is not being revoked because of any type of compromise or issue with the the trust of the system. The system is being revoked in light of the major SSL events that occurred last year, as we have decided to no longer enable this system or any systems of this type in the future.

Interception

Last year hackers broke into the systems of Comodo and DigiNotar, granting rights to issue themselves with fake digital credentials. The fraudulent DigiNotar certificates were later used in a man-in-the-middle attack on ordinary internet users in Iran. Users in the Islamic Republic who thought they were talking directly to Gmail, Skype and other services were actually going through an intermediary who would have been able to sniff their traffic, logs at DigiNotar revealed.

Audits of DigiNotar revealed systemic security failures that prompted browser developers to revoke its trusted status, the same sanction some would like to see applied against Trustwave.

The lingering sensitivities over the DigiNotar and Comodo hacks partially explains why such severe punishments against Trustwave are even on the table.

What Trustwave has done "is a highly unusual activity, and is essentially the Holy Grail hackers are looking for", explained Mark Bower, data protection expert and VP at Voltage Security. "This is why hackers last year penetrated PKIs [public-key infrastructures] – to issue themselves bogus certificates for interception cases, for example to snoop on Gmail, which appeared to be the goal of hackers operating for the Iranian government as was reported last year."

He added: "Trustwave is also a security auditor. It’s questionable why an audit firm would be issuing digital certificates which could be potentially used by hackers if they fell into the wrong hands."

"If an organization has the ability to intercept SSL in this ‘man-in-the-middle’ situation as reported, this makes SSL useless. Who is this entity? Why did they have this capability?" Bower asked.

SSL bashers' ball

The debate over Trustwave comes hot on the heels of news that VeriSign suffered unspecified security breaches last year. VeriSign, the 800lb gorilla of the digital certificate business, hasn't said what type of attacks it suffered from, which could be anything from isolated malware infection or denial of service attacks to a more serious compromise. This lack of detail is less than helpful.

Trustwave has come clean about issuing MitM authority but it seems unlikely that it was alone in applying this approach, another source of concern.

"Unfortunately this is meat and drink for the ‘SSL bashers’ in the industry," said Calum MacLeod, EMEA director of the enterprise key and certificate management firm Venafi.

"Trustwave should be commended for making this statement public, knowing that this could result in reputation damage. I believe it is commendable that they will no longer continue this practice, but the reality is, in my opinion, that this is a common industry practice," said MacLeod.

"Most large enterprises use this approach to be able to monitor outgoing and incoming traffic, and it is common to find an assortment of technologies between a user and a web service such as DLP [data loss prevention], performance monitoring, and customer experience monitoring technologies, which are there ostensibly to help provide users and customers’ with more efficient services."

MacLeod compared the practice to the frequent recording and monitoring of calls to bank or airline call centres, a practice frequently explained in greeting messages. He called for a sense of proportion in the debate.

Preliminary verdict

The Mozilla discussion, which has ran to 66 erudite and technically detailed posts, appears to be moving towards a conclusion - if not a consensus. Mozilla representative Kathleen Wilson suggested that Trustwave will escape sanction and that other certificate authorities will be given a period of grace to come clean if they are offering MitM technology. Those that fail to come forward and continue to extend the practice will be punished, Wilson warned.

"I have posted a draft CA Communication in the mozilla.dev.security.policy forum for review/discussion," Wilson wrote. "My intent is to make it clear that this type of behaviour will not be tolerated for subCAs chaining to roots in NSS, give all CAs fair warning and a grace period, and state the consequences if such behaviour is found after that grace period. There is also an action item for CAs to update their CP/CPS to make it clear that they will not issue subCAs for this purpose."

The suggested policy, if adopted, will draw a line under the Trustwave MitM certificate affair but is unlikely to restore complete faith in the digital certificate system that underpins trust in secure communications on the net. The present trust model, vital to e-commerce is well as privacy, was devised in the 1990s, and increasingly looks outmoded and outdated.

Alternative trust models - such as Convergence - remain largely experimental so we'll have to stick with multiple CAs and digital certificate to secure SSL for the immediate future, at least.

To paraphrase Supertramp it's not much of a trust system but it's the only one we've got. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.